CAT | National Security
NSA’s TAO — Dark Reading The Internet has been buzzing with reports of the recently leaked NSA exploits, backdoors, and hacking / surveillance tools. The linked article is good example. None of this should be news to anyone paying attention. Many similar hacking tools are available from vendors at conferences like BlackHat and DefCon. We […]
Bruce Schneier has a great post on issues with CALEA-II. He talks about two main issues, with historical context. First, about the vulnerabilities that automated eavesdropping backdoors always create in communications, and how that disadvantages US companies. Second, about the fact that law enforcement claims of communications “Going Dark” are absurd given the treasure trove […]
The FBI in conjunction with the Bureau of Justice Assistance and Joint Regional Intelligence Center have produced a number of fliers to help the public identify possible terrorists. While some of the points have merit, it is very likely that this will generate an extremely high proportion of false alerts based on perfectly reasonable and […]
Schneier on Security: Domain-in-the-Middle Attacks Bruce Schneier on the real world effectiveness of a very simple domain name based man in the middle attack. Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.
Matt Blaze analyzes why the widespread use of cryptography has had almsost no impact on our practical ability to do wiretaps and gather information under legitimate court orders. Not too technical and absolutely worth a read. Matt Blaze: Wiretapping and Cryptography Today:
Here is a really nice analysis of the recent security breach at Lockheed Martin. The short version is that is looks like their SecureID tokens got duplicated. This is almost certainly related to the security breach at EMC / RSA. Digital Dao: An Open Source Analysis Of The Lockheed Martin Network Breach
3 Comments · Posted by lance in Computer Security, Cryptography, First Amendment, Innovation, Internet, legal, Legislation, National Security, Online Privacy, Personal Privacy, Security Breaches, Surveillance
The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea. The short answer is: the bad guys can easily get it and use it anyway, and it will make security for the rest of us much worse (not including the big brother surveillance and constitutional issues).
1 Comment · Posted by lance in Computer Security, Cryptography, Email Security, Internet, legal, Legislation, National Security, Online Privacy, Personal Privacy, Security Breaches, Stupidity, Surveillance
US Government Proposes to put back door in encrypted communications. Disastrous idea.
In a recent post on Privacy Digest, and an article in the NYTimes, there is a discussion of some major and well known vulnerabilities in the global public key infrastructure (PKI) and some examples of exploitations of that vulnerability. The issue is with the proliferation of certificate authorities on the Internet, and the low level […]
Read this post from IntelFusion. It makes a very strong case for why I worry about any privacy system run by operators you can’t really trust, investigate, and verify. In this case it is an investigation of Glype servers. They can be configured to do significant logging, and the author has been able to remotely retrieve […]